First published: Wed Nov 01 2023(Updated: )
The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder’s service endpoint.
Credit: cybersecurity@hitachienergy.com
Affected Software | Affected Version | How to fix |
---|---|---|
Hitachienergy Modular Advanced Control For Hvdc | >=5.0<7.17.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-2621 is an arbitrary file write vulnerability in the McFeeder server, which is part of the SSW package.
CVE-2023-2621 affects Hitachienergy Modular Advanced Control For Hvdc versions 5.0 to 7.17.0.0.
CVE-2023-2621 has a severity rating of 6.5 (Medium).
To fix CVE-2023-2621, it is recommended to update the McFeeder server to a version that addresses the arbitrary file write vulnerability.
You can find more information about CVE-2023-2621 on the Hitachi Energy website: [link](https://publisher.hitachienergy.com/preview?DocumentId=8DBD000177&languageCode=en&Preview=true).